CLAIMS

1/ Method for enabling a user registered in a Network Access Server as
already connected to a Virtual Private Network, called host Virtual Private
Network, to communicate with at least one communication device outside of
said host Virtual Private Network, said Network Access Server having access
over a data communication network to said communication device and to a
plurality of Virtual Private Networks comprising said host Virtual Private
Network, said method being characterized in that it comprises a step of
sending messages belonging to a communication between said user and said
communication device over a logical channel between said Network Access
Server and said communication device, said logical channel referring to an
identifier of said host Virtual Private Network.

2/ Method according to claim 1, characterized in that it further comprises the
steps of:

- detecting at said Network Access Server a message from said user
destined to said communication device; and

- forwarding said message from said Network Access Server to said
communication device over the logical channel referring to the identifier
of said Virtual Private Network.

3/ Method according to claim 1, characterized in that it further comprises the
steps of:

- detecting a message from said communication device being received at
said Network Access Server on the logical channel referring to the
identifier of a Virtual Private Network, said message containing a user
destination address;

- determining a user registered in said Network Access Server as already
connected to said Virtual Private Network and corresponding to said
destination address; and

- forwarding said message from said Network Access Server to said user.

4/ Method according to claim 1, characterized in that said messages
belonging to the communication between said user and said communication
device are encapsulated in data packets, said data packets comprising a field
containing said identifier of said host Virtual Private Network or an indication
derived from said identifier.

5/ Method according to claim 4, characterized in that said messages
belonging to the communication between said user and said communication
device are sent over a tunnel having said identifier of said host Virtual Private
Network as tunnel identifier.

6/ Method according to claim 1, characterized in that said messages contain
IP packets comprising an IP address of said user.

7/ Method according to claim 1, characterized in that said communication
device is a server belonging to a Virtual Private Network, called local Virtual
Private Network, associated to said Network Access Server and different from
said host Virtual Private Network.

8/ Network Access Server for enabling a communication between a user and
a communication device, said user being registered in said Network Access
Server as already connected to a Virtual Private Network, called host Virtual
Private Network, said communication device being outside of said host Virtual
Private Network, said Network Access Server being able to access a
database associating an identifier of said user to an identifier of said host
Virtual Private Network, said Network Access Server being characterized in
that it further comprises means for sending messages originating from said
user and destined to said communication device on a logical channel between
said Network Access Server and said communication device, said logical
channel referring to said identifier of said host Virtual Private Network.

9/ Network Access Server for univocally retrieving a user, out of a plurality of
users, to which a message sent by a communication device and received at
said Network Access Server is destined, said user being already connected
over said Network Access Server to a Virtual Private Network not comprising
said communication device, said Network Access Server being able to access
a database associating an identifier of said user to an identifier of said
Virtual Private Network to which said user is already connected, said Network
Access Server being characterized in that it comprises:

- a logical channel controller for determining a logical channel identifier of
one logical channel on which said message is received at said Network
Access Server;

- means for retrieving the user to which said message is destined, according
to said logical channel identifier and said user entry in said database.
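
The forwarding and lookup steps of claims 2 to 4 and 9, sketched as an added Python example that is not part of the patent text. The 4-byte VPN identifier header, the class and function names, and the sample users sharing one private address are assumptions made for illustration.

```python
import ipaddress
import struct

VPN_HDR = struct.Struct("!I")  # assumed encapsulation: 4-byte VPN identifier field


def ipv4_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


class NetworkAccessServer:
    def __init__(self):
        self.vpn_of_user = {}   # database: user identifier -> host VPN identifier
        self.user_by_key = {}   # (VPN identifier, user IP address) -> user identifier

    def register(self, user: str, vpn_id: int, ip: str) -> None:
        self.vpn_of_user[user] = vpn_id
        self.user_by_key[(vpn_id, ipaddress.IPv4Address(ip))] = user

    def to_device(self, user: str, ip_packet: bytes) -> bytes:
        """Claims 2 and 4: forward on the channel carrying the user's host VPN id."""
        return VPN_HDR.pack(self.vpn_of_user[user]) + ip_packet

    def from_device(self, frame: bytes):
        """Claims 3 and 9: channel identifier plus destination address -> user."""
        if len(frame) < VPN_HDR.size + 20:
            raise ValueError("frame too short for VPN header and IPv4 header")
        (vpn_id,) = VPN_HDR.unpack_from(frame)
        inner = frame[VPN_HDR.size:]
        if inner[0] >> 4 != 4:
            raise ValueError("inner packet is not IPv4")
        dst = ipaddress.IPv4Address(inner[16:20])
        user = self.user_by_key.get((vpn_id, dst))
        if user is None:
            # No user with this address in this VPN: drop rather than
            # fall back to an address-only match in another VPN.
            raise LookupError(f"no user {dst} registered in VPN {vpn_id}")
        return user, inner


# Constructed sample: two users in different VPNs share one private address.
nas = NetworkAccessServer()
nas.register("alice", 100, "10.0.0.5")
nas.register("bob", 200, "10.0.0.5")
```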